top of page
Signing a Document

Privacy Policy

Last updated: 01.02.26

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use this website.

1. Who We Are

This website is operated by Mr Sumit Midya, Consultant General and Upper GI Surgeon.

We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

If you have any questions about this policy or how your data is handled, please contact us via the details provided on the Contact page.

2. Information We Collect

We may collect and process the following types of personal data:

  • Contact information (such as name, email address, phone number)

  • Enquiry information submitted through contact or enquiry forms

  • Technical data such as IP address, browser type, operating system, and website usage data

  • Cookies and analytics data (see Cookie Policy)


We do not collect sensitive medical information through this website unless you voluntarily provide it.


3. How We Use Your Information

We use your personal data to:

  • Respond to enquiries and appointment requests

  • Provide information about our services

  • Improve the website and user experience

  • Ensure the website functions correctly and securely

  • Meet legal and regulatory obligations


We only use your data where we have a lawful basis to do so.


4. Lawful Basis for Processing

Under UK GDPR, we process your data based on one or more of the following:

  • Consent – when you submit an enquiry or contact form

  • Legitimate interests – to operate and improve the website

  • Legal obligation – where required by law


You may withdraw your consent at any time by contacting us.


5. How We Store and Protect Your Data

Your data is stored securely using industry-standard security measures.

We take reasonable steps to protect your personal information from unauthorised access, loss, misuse, or disclosure.

Personal data is only kept for as long as necessary to fulfil the purposes for which it was collected.

6. Sharing Your Data

We do not sell or rent your personal data to third parties.

We may share limited data with trusted service providers (such as website hosting or analytics providers) only where necessary and only under appropriate data protection agreements.

7. Cookies and Analytics

This website may use cookies and analytics tools to understand how visitors use the site and to improve performance.

For more information, please see our Cookie Policy.


8. Your Data Protection Rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request deletion of your data

  • Restrict or object to processing

  • Withdraw consent at any time

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise any of these rights, please contact us using the details on the Contact page.


9. External Links

This website may contain links to external websites. We are not responsible for the privacy practices or content of those sites.


10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page, and the “Last updated” date will be revised accordingly.

bottom of page